DNS Hijacking

DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings, so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.

As we all know, the “Domain Name System (DNS)” is mainly responsible for translating a user friendly domain name such as “google.com” to its corresponding IP address “74.125.235.46”. Having a clear idea of DNS and its working can help you better understand what DNS hijacking is all about. If you are fairly new to the concept of DNS, I would recommend reading my previous post on How Domain Name System Works.

How DNS Hijacking Works?

As mentioned before, DNS is the one that is responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of other reputed organizations such as Google. In this case, you are said to be safe and everything seems to work normally.

But, imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses one of the rogue DNS servers that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you are intending for. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking can vary and depend on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this can cause no serious damage to the users, it is considered as a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is a fake one. For example, when a user tries to visit a social networking website such as Facebook.com he may be redirected to another website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log in to his bank account, he may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan horse to carry out DNS hijacking. These DNS hijacking trojans are often distributed as video and audio codecs, video downloaders, YoTube downloaders or as other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router, so that it would not be possible for the attacker to modify your router settings using the default password that came with the factory setting. 

Installing a good antivirus program and keeping it up-to-date can offer a great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program such as DNSChanger, you need not panic. It is fairly simple and easy to recover from the damage caused by such programs. All you have to do is, just verify your current DNS settings to make sure that you are not using any of those DNS IPs that are blacklisted. Otherwise re-configure your DNS settings as per the guidelines of your ISP.

Read more »

How Domain Name System (DNS) Works

In the world of Internet and the area of computer networks, you will often come across the term Domain Name System or Domain Name Service which is simply referred to as DNS. The working of DNS forms one of the basic concepts of computer networks whose understanding is very much essential especially if you are planning to get into the field of ethical hacking or network security.

In this post, I will try to explain how Domain Name System works in a very simple and easy to follow manner so that even the readers who do not have any prior knowledge of computer networks should be able to understand the concept.

What is a Domain Name System?

A “Domain Name System” or “Domain Name Service” is a computer network protocol whose job is to map a user friendly domain name such as “Gohacking.com” to its corresponding IP address like “173.245.61.120”.

Every computer on the Internet, be it a web server, home computer or any other network device has a unique IP address allotted to it. This IP address is used to establish connections between the server and the client in order to initiate the transfer of data. Whether you are trying to access a website or sending an email, the DNS plays a very important role here.

For example, when you type “www.google.com” on your browser’s address bar, your computer will make use of the DNS server to fetch the IP address of Google’s server that is “74.125.236.37”. After obtaining the IP address, your computer will then establish a connection with the server only after which you see the Google’s home page loading on your browser. The whole process is called DNS Resolution.

With millions of websites on the Internet, it is impossible for people to remember the IP address of every website in order to access it. Therefore, the concept of domain name was introduced so that every website can be identified by its unique name which makes it easy for people to remember. However, the IP address is still used as the base for internal communication by network devices. This is where the DNS comes in to action that works by resolving the user friendly domain name to its corresponding machine friendly IP address.

In simple words, domain names are for humans while IP addresses are for network devices. The “Domain Name System” is a protocol to establish a link between the two. Hence, it is not a surprise that you can even load a website by directly typing its IP address instead of the domain name in the browser’s address bar (give it a try)!

Types of DNS Servers and their Role:

The Domain Name System (DNS) is a distributed database that resides on multiple computers on the Internet in a hierarchical manner. They include the following types:

Root Name Servers:

The root servers represent the top level of the DNS hierarchy. These are the DNS servers that contain the complete database of domain names and their corresponding IP addresses. Currently, there are 13 root servers distributed globally which are named using the letters A,B,C and so on up to M.

Local Name Servers:

Local servers represent the most lower level DNS servers that are owned and maintained by many business organizations and Internet Service providers (ISPs). These local servers are able to resolve frequently used domain names into their corresponding IP addresses by caching the recent information. This cache is updated and refreshed on a regular basis.

How DNS Server Works?

Whenever you type a URL such as “http://basichackingtips.blogspot.in” on your browser’s address bar, your computer will send a request to the local name server to resolve the domain name into its corresponding IP address. This request is often referred to as a DNS query. The local name server will receive the query to find out whether it contains the matching name and IP address in its database. If found, the corresponding IP address (response) is returned. If not, the query is automatically passed on to another server that is in the next higher level of DNS hierarchy. This process continues until the query reaches the server that contains the matching name and IP address. The IP address (response) then flows back the chain in the reverse order to your computer.

In rare cases where none of the lower level DNS servers contain the record for a given domain name, the DNS query eventually reaches one of the root name server to obtain the response.

FAQs about Domain Name System:

Here is a list of some of the FAQs about DNS:

How does a “root name server” obtain the information about new domains?

Whenever a new domain name is created or an existing one is updated, it is the responsibility of the domain registrar to publish the details and register it with the root name server. Only after this, the information can move down the DNS hierarchy and get updated on the lower level DNS servers.

What is DNS propagation?

Whenever a new domain name is registered or an existing one is updated, the information about the domain must get updated on all the major DNS servers so that the domain can be reached from all parts of the globe. This is called DNS propagation and the whole process can take anywhere from 24 to 72 hours to get completed.

How often the DNS servers are updated to refresh the cache?

There is no specific rule that defines the rate at which DNS servers should be updated. It usually depends on the organization such as the ISP that maintains the server. Most DNS servers are updated on an hourly basis while some may update their databases on a daily basis.

I hope you have now understood the working of DNS in a very convincing manner. Pass your comments and share your opinion

Read more »

How Browser Cookies Work

To begin with, a cookie (also known as browser cookie, Internet cookie,web cookie or HTTP cookie) is a small piece of data that websites store on your hard disk in the form of a text file. Cookies allow websites to store specific information helpful to remember each visitor uniquely. A cookie is set when the user visits a particular website for the first time. Thereafter, each time the user loads the website the browser sends the cookie back to the web server so that it can keep track of the user’s previous activity.

Purpose of Browser Cookies:

The following are some of the common purposes served by cookies:

• Enable automatic user log-in thereby eliminating the need for a password input
• Enhance user experience by storing user preferences so that the site can look different for each visitor
• Keep track of items in the shopping cart
• Record user’s activity such as browsing history, click patterns, page visits and so on

Types of Browser Cookies:

Session Cookie

Since web pages have no memories, a visitor navigating to a different page on the same website is treated as an entirely new visitor. This is where session cookies come in handy. It makes it possible for the website to keep track of the user from page to page so that user specific information such as shopping cart data, account details and other preferences are not lost during navigation.

A session cookie is stored in the temporary memory while the user is on the website. If no expiry date is specified during its creation, session cookies are normally deleted by the browsers upon closure.

Persistent Cookie

A persistent cookie facilitates websites to track user settings and information when they visit the same website in the future. Unlike most session cookies, a persistent cookie does not get deleted upon browser closure. This makes it possible for the websites to easily authenticate users upon revisits without having to login again. In addition, persistent cookies help enhance user experience by storing their previous inputs such as language selection, themes and menu preferences.

Secure Cookie

A secure cookie has a secure attribute enabled so that its content gets encrypted every time it moves between the web server and the browser. This cookie is used only in the HTTPS mode and thus offers protection against cookie theft.

Third-Party Cookie

Third-party cookies are those that originate from a website other than the one that you are currently using. For example, when you visit a websitewww.abc.com, all the cookies that come from this website are called first-partycookies. Suppose, if this website (www.abc.com) is running an advertisement on its page from a third party website www.xyz.com, then the cookie that originates from this website (www.xyz.com) is referred to as a third-party cookie.

Structure of a Cookie

A cookie is comprised of the following seven components:

1. Name of the cookie
2. Value/Content of the cookie
3. Domain associated with the cookie
4. Path for which the cookie is valid
5. Attribute to specify whether the cookie requires a secure connection
6. Attribute specifying whether the cookie can be accessed by a script
7. Expiry information of the cookie

The following snapshot shows the contents of Google’s cookie stored on chrome browser:

---

---

Drawbacks of Cookies

Even though cookies make our lives easier on the Internet, they come with drawbacks as well. Some of the major ones are listed below:

• Shared Machines: Most people share their computers with their friends and family. As a result, a cookie set during the usage of one user may not be appropriate for the other user using the same machine. For example, when a new user revisits a shopping website such as amazon.com, he/she will be presented with all the information belonging to the previous user such as order details, shipping address and other personal preferences. This may cause annoyance to the new user as he/she may be required to change all the preferences once again to match personal requirements. Additionally, the exposure of previous user’s preferences and settings to the new user may raise security issues.
• Accidental Deletion: In many cases, cookies can get erased accidentally when you clear your browsing history or use a third party cookie cleaner program. When this happens all your stored settings and preference gets lost and the website treats you as a completely new user.

Privacy Issues

Since cookies are capable of tracking a number of user specific information such as online behavior and personal preferences, they can be used to hamper the privacy of users. A website may use cookie information to display related advertising products based on your previous purchase. For example, Google often stores and uses your search keywords to display matching advertisements on all its partner network. Some sites are also known to have engaged in selling the cookie data to third parties which seriously hurts the privacy of individuals.

Read more »

How to Bypass Right Click Block on Any Website

In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to strengthen the website’s security by adding some of the simple security features such as disabling right-click, protecting images, hiding or masking parts of a web page and so on.

How JavaScript Works?

Before you proceed to the next part which tells you how to disable the JavaScript functionality and bypass any of the restrictions imposed by it, it would be worthwhile for you to take up a minute to understand how JavaScript works.

JavaScript is a client side scripting language (in most cases), which means when loaded it runs from your own web browser. Most modern browsers including IE, Firefox, Chrome and others support JavaScript so that they can interpret the code and carry out actions that are defined in the script. In other words, it is your browser which is acting upon the instruction of JavaScript to carry out the defined actions such as blocking the right-click activity. So, disabling the JavaScript support on your browser can be a simple solution to bypass all the restrictions imposed by the website.

How to Disable the JavaScript?

Here is a step-by-step procedure to disable JavaScript on different browsers:

For Internet Explorer:

If you are using IE, just follow the steps below:

1. From the menu bar, go to Tools -> Internet Options.
2. In the “Internet Options” window, switch to Security tab and click on the button Custom level…

3. From the Security Settings, look for the option Active scripting and select the Disable radio button as shown above and click on “OK”.
4. You may even select the Prompt radio button, so that each time a page is loaded, you will have the option to either enable or disable the scripting.

For Google Chrome:

If you are using Chrome, you can disable the JavaScript by following the steps below:

1. Click on the Chrome “menu” button (on the top right corner) and selectTools.
2. From the “Settings” page, click on Show advanced settings…
3. Now under Privacy, click on the button Content settings…

4. Under the JavaScript, select the radio button which says “Do not allow any site to run JavaScript” and click on “Done”.

For Mozilla Firefox:

Steps to disable JavaScript on Firefox:

1. From the menu bar, click on Tools -> Options.
2. From the Options window, switch to Content tab, uncheck the option which says “Enable JavaScript” and click on “OK”.

How to Bypass the Right Click Block?

In order to bypass the right-click block or any other restriction imposed by JavaScript, all you need to do is just disable it in the browser and refresh the same page, so that it now reloads without JavaScript functionality. You are now free to right-click on the page, view its source or even copy any of the images that you may want to. Don’t forget to re-enable the JavaScript once again when your job is over. Otherwise lack of JavaScript support may result in unusual rendering of web pages.

Read more »

List of all Facebook keyboard shortcuts for all Browsers

Some time we do not find our self comfortable using the mouse and its click all way long, specially when we are on be with our laptops, or when we are chatting with someone, we'll rather feel comfortable for us to use the keyboard shortcuts, so here today i present you the list of keyboard short-cuts for Facebook which can be used on all browsers.

Note: for each of these shortcut keys, if you’re using Firefox, you’ll need to use Shift+Alt instead of just Alt, and for Internet Explorer you’ll need to hit the Enter key after the shortcut to trigger it. If you’re using a Mac, you’ll need to use Ctrl+Opt instead of Alt.

Tip: If you are using Internet Explorer, after pressing Alt + # let go of both keys and press Enter for the shortcut to work. For example, press Alt + 1 (let go) and then press Enter to open the Facebook home page. * Also, the M to open a new message in Internet Explorer does not work, since it is the home shortcut.

M	Open a new message *
?	Go to the Facebook Search
1	Home (News Feed)
2	Your profile page
3	Friend requests
4	Messages
5	Notifications
6	Your Account Settings
7	Your Privacy Settings
8	Go to the Facebook page
9	View Facebook Statements and Rights agreement
0	Open Facebook help center

NOTE: If you’re on a Mac, you (currently) need to add Ctrl+Option+ to each of the shortcuts (Firefox on Mac is Function+Ctrl—thanks Robert Reents!). Other than that, they should work the same.

Facebook Shortcut Keys for Chrome

Alt + m                                                                          New Message

Alt + 0                                                                            Help Center

Alt + 1                                                                             Home Page

Alt + 2                                                                            Profile Page

Alt + 3                                                                            Manage Friends List

Alt + 4                                                                            Messages List

Alt + 5                                                                            Notification Page

Alt + 6                                                                            Account Settings

Alt + 7                                                                            Privacy Settings

Alt + 8                                                                            Facebook Fan Page

Alt + 9                                                                            Facebook terms

Alt + ?                                                                             Search Box

Facebook Shortcut keys for Firefox

Shift + Alt + m                                                       New Message

Shift + Alt + 0                                                        Help Center

Shift + Alt + 1                                                         Home Page

Shift + Alt + 2                                                         Profile Page

Shift + Alt + 3                                                         Manage Friends List

Shift + Alt + 4                                                         Messages List

Shift + Alt + 5                                                         Notification Page

Shift + Alt + 6                                                         Account Settings

Shift + Alt + 7                                                        Privacy Settings

Shift + Alt + 8                                                        Facebook Fan Page

Shift + Alt + 9                                                        Facebook terms

Shift + Alt + ?                                                         Search Box

Read more »